UCLA recently agreed to pay a penalty of $865,000 for a series of HIPPA violations and now they are forced to reveal that the theft of an external hard drive from a former employee’s home has created the fears of yet another security breach. Plus, UCLA is offering 16,288 patients credit and fraud protection services.
This was a remarkably silly and avoidable breach. According to the news reports, the information on the hard drive was encrypted, but the password necessary to unscramble the information was written on a piece of paper near the hard drive and cannot be located.
I continue to preach this about passwords; it is not necessarily that the passwords are insecure, rather it is how people manage them. And in this case, the password was managed quite stupidly. Unfortunately, this is all too common.
16,000 UCLA patients have been advised that while there is not yet any evidence that patient information has been accessed, the fact remains that now patient names, birth dates, medical record numbers, addresses and medical record information are potentially up for grabs by cyber-thieves. According to a statement from UCLA, the documents did not contain Social Security numbers.
According to the UCLA Public Notice, “UCLA Health System is reviewing its policies and procedures and will make any necessary revisions to help reduce the likelihood this will happen again,” according to the statement. “In addition, UCLA Health System will provide additional education and awareness to its workforce members regarding the appropriate methods for storing patient information.
This was an easily avoidable problem. What is needed where password security is paramount is a multi-factor, password manager that also authenticates the user.
Power LogOn® by Access Smart could have easily prevented this breach because the employee would have had no need to write the password ANYWHERE!
And IT could have blocked the password so the former employee wouldn’t even know the decryption password so it COULDN’T be written on a piece of paper.
Power LogOn® protects businesses and individual users with an affordable, easy-to-use, secure password manager.
- Power LogOn® is your “password conciergeTM” for the virtual word.
- Power LogOn® does more than just manage account passwords. It is a secure caretaker of one’s digital identity.
- Power LogOn implements multi-factor authentication
- Power LogOn stores and checks the URL of a site before any information is released. This feature protects against phishing, pharming and spam.
- Power LogOn® allows the user to never have to type or remember passwords to protect user against spyware, keyloggers and over-the-shoulder surfers capturing passwords.
- Power LogOn integrates with different card technologies (i.e. Magstripe, RFID, barcode, contact smartcards, contactless smartcards, etc.) software, computer servers and/or biometrics (fingerprint, iris, face, hand, voice, etc.) for secure log on access into computers, networks, internet, extranet, intranet and computer applications.
For more information about how Power LogOn® can protect your company from a data breach, fines and other financial and business ramifications call Dovell Bonnet 949-218-8754.